ARTICLE 29 Data Protection Working Party

Similar documents
COMMUNICATION FROM THE COMMISSION. On the global approach to transfers of Passenger Name Record (PNR) data to third countries

LEGISLATIVE ACTS AND OTHER INSTRUMENTS Subject : Council Directive on the obligation of carriers to communicate passenger data

ARTICLE 29 Data Protection Working Party

SUMMARY OF THE IMPACT ASSESSMENT

ARTICLE 29 Data Protection Working Party

PE-CONS 71/1/15 REV 1 EN

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

ARTICLE 29 DATA PROTECTION WORKING PARTY

1. What sort of passenger information will be transferred to US authorities?

ARTICLE 29 Data Protection Working Party

ARTICLE 29 DATA PROTECTION WORKING PARTY WORKING PARTY ON POLICE AND JUSTICE

Adequacy Referential (updated)

The EU Passenger Name Record System and Human Rights

P6_TA-PROV(2007)0347 PNR Agreement

PUBLIC. Brussels, 28 March 2011 (29.03) (OR. fr) COUNCIL OF THE EUROPEAN UNION. 8230/11 Interinstitutional File: 2011/0023 (COD) LIMITE

EDPS Opinion on the proposal for a recast of Brussels IIa Regulation

EUROPEAN DATA PROTECTION SUPERVISOR

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Council of the European Union Brussels, 2 December 2015 (OR. en)

EUROPEAN UNION. Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COPEN 200 TELECOM 151 CODEC 1206 OC 981

Recommendation for a COUNCIL DECISION

COMMISSION OF THE EUROPEAN COMMUNITIES. Amended proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Working document 01/2014 on Draft Ad hoc contractual clauses EU data processor to non-eu sub-processor"

EUROPEAN DATA PROTECTION SUPERVISOR

Opinion of the European Data Protection Supervisor

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

DGD 1 EUROPEAN UNION. Brussels, 22 February 2017 (OR. en) 2015/0307 (COD) PE-CONS 55/16 FRONT 484 VISA 393 SIRIS 169 COMIX 815 CODEC 1854

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

COMMISSION OF THE EUROPEAN COMMUNITIES COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

Adopted on 23 June 2005

(Legislative acts) REGULATIONS REGULATION (EU) 2017/458 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 15 March 2017

COMMISSION STAFF WORKING PAPER IMPACT ASSESSMENT. Accompanying document to the. Proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE

COMMISSION OF THE EUROPEAN COMMUNITIES

Europaudvalget (Omtryk Uofficiel dansk oversættelse vedlagt) EUU Alm.del Bilag 66 Offentligt

OPINION OF THE EUROPOL, EUROJUST, SCHENGEN AND CUSTOMS JOINT SUPERVISORY AUTHORITIES

Spring Conference of the European Data Protection Authorities, Cyprus May 2007 DECLARATION

COMMISSION OF THE EUROPEAN COMMUNITIES COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT

Opinion 07/2016. EDPS Opinion on the First reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)

EUROPEAN PARLIAMENT. Committee on Civil Liberties, Justice and Home Affairs DRAFT RECOMMENDATION

14618/16 JdSS/fp 1 DGD 1A

Counter-terrorism, De-Radicalisation and Foreign Fighters. Joint debate during the extraordinary meeting of the LIBE Committee. Giovanni Buttarelli

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

API FACT SHEET Updated: 11 November 2016

EUROPEAN DATA PROTECTION SUPERVISOR

Opinion 3/2016. Opinion on the exchange of information on third country nationals as regards the European Criminal Records Information System (ECRIS)

PARLIAMENT v COUNCIL AND COMMISSION. JUDGMENT OF THE COURT (Grand Chamber) 30 May 2006*

Opinion 3/2019 concerning the Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection

IATA/CONTROL AUTHORITIES WORKING GROUP RECOMMENDED BEST PRACTICE FOR MINORS

14480/1/17 REV 1 MP/mj 1 DG D 2B LIMITE EN

13462/18 BN/cr 1 JAI.1 LIMITE EN

6310/1/16 REV 1 BM/cr 1 DG D 1 A

Opinion 3/2017 EDPS Opinion on the Proposal for a European Travel Information and Authorisation System (ETIAS)

COUNCIL OF THE EUROPEAN UNION. Brussels, 11 June /08 Interinstitutional File: 2004/0209 (COD) SOC 357 SAN 122 TRANS 199 MAR 82 CODEC 758

Assessing the necessity of measures that limit the fundamental right to the protection of personal data: A Toolkit

EUROPEAN UNION. Brussels, 16 June 2009 (OR. en) 2006/0142 (COD) PE-CONS 3625/09 VISA 127 COMIX 317 CODEC 538

Council of the European Union Brussels, 22 September 2014 (OR. en)

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Ninth Annual Report of the Article 29 Working Party on Data Protection

EUROPEAN PARLIAMENT COMMITTEE ON CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. amending Regulation (EU) 2016/399 as regards the use of the Entry/Exit System

COUNCIL OF THE EUROPEAN UNION. Brussels, 8 March /12 JAI 154 SCHENGEN 20 COMIX 159

COUNCIL OF THE EUROPEAN UNION. Brussels, 13 September 2011 (OR. en) 10093/11 Interinstitutional File: 2011/0126 (NLE)

Ignoring Dissent and Legality

Biometrics, privacy and security: Striking the right balance

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a COUNCIL DECISION

Vanessa Serrano* I. INTRODUCTION II. THE EUROPEAN UNION'S LAWS AND UNITED STATES

COMMISSION RECOMMENDATION. of XXX

EXECUTIVE SUMMARY. 3 P a g e

Council of the European Union Brussels, 16 December 2014 (OR. en)

on the proposal for a Regulation of the European Parliament and of the Council concerning customs enforcement of intellectual property rights

EUROPEAN DATA PROTECTION SUPERVISOR

Council of the European Union Brussels, 8 February 2016 (OR. en)

Table of content What is data protection? Why was is necessary? Beginnings of Data Protection Development of International Data Protection Data Protec

Having regard to the Treaty establishing the European Community, and in particular its Article 286,

6153/1/18 REV 1 VH/np 1 DGD2

1. WHY THE PROPOSAL? Improving the national enforcement of the rules on Free Movement of Workers. 1. Why this proposal? 2. What are the main elements?

(Vienna, 23 June 2004)

Council of the European Union Brussels, 28 April 2017 (OR. en)

Opinion. of the. European Union Agency for Fundamental Rights. on the. Proposal for a Directive on the use of

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

REGULATION (EC) No 767/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 9 July 2008

Proposal for a COUNCIL DECISION

Meijers Committee. Commissioner for Home Affairs EUROPEAN COMMISSION B-1049 BRUSSELS

11161/15 WST/NC/kp DGD 1

***I POSITION OF THE EUROPEAN PARLIAMENT

COUNCIL OF THE EUROPEAN UNION. Brussels, 18 March 2009 (OR. en) 17426/08 Interinstitutional File: 2007/0228 (CNS) MIGR 130 SOC 800

Council of the European Union Brussels, 24 October 2017 (OR. en)

ACTS ADOPTED UNDER TITLE VI OF THE EU TREATY

With the current terrorist threat facing European Union Member States, including the UK

The EU as an actor in International Law. Lund, 7 September 2017 Eduardo Gill-Pedro

(Text with EEA relevance)

Proposal for a COUNCIL DECISION

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

The legal framework and guidance on data protection under the. Cross-border ehealth Information Services (CBeHIS) T6.2 JAseHN draft v.2 (20.10.

OPINION OF ADVOCATE GENERAL POIARES MADURO delivered on 25 January

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 11 January /07 Interinstitutional File: 2004/0287 (COD) LIMITE VISA 7 CODEC 32 COMIX 25

Transcription:

ARTICLE 29 Data Protection Working Party 1613//06/EN WP 127 Opinion 9/2006 on the Implementation of Directive 2004/82/EC of the Council on the obligation of carriers to communicate advance passenger data Adopted on 27 th September 2006 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC. The secretariat is provided by Directorate C (Civil Justice, Rights and Citizenship) of the European Commission, Directorate General Justice, Freedom and Security, B-1049 Brussels, Belgium, Office No LX-46 01/43. Website: http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

THE WORKING PARTY ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA Set up by Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 having regard to Articles 29 and 30 (1)(a) and (3) of that Directive and 15 (3) of 2002/58/EC of the European Parliament and of the Council of 12 July 2002, having regard to its Rules of Procedure, and in particular Articles 12 and 14 thereof, has adopted the following Opinion I - Implementation of the Directive into National Law Need for Guidance On April 29, 2004 the Council adopted Directive 2004/82/EC on the obligation of air carriers to communicate advance passenger data on request to authorities in charge of controlling the external borders of the European Union. The Directive is complementary to the provisions of the Schengen Convention since the latter ones are also intended to curb migratory flows and combat illegal immigration The Directive had to be transposed by the Member States of the European Union into national law by September 5, 2006. The Article 29 Working Party notes that a number of Member States have not met this deadline and that national laws transposing the Directive are still under discussion. It is still not clear whether all Member States will have implemented the Directive by the end of 2006. Other Member States may have to decide on the practical measures they have to take for the implementation of the directive. It has to be pointed out that for the sake of air passengers and air carriers alike the Directive should be implemented as soon as possible in a uniform, harmonised manner, in order to avoid diverging regulations within the European Union. All persons concerned flying into the European Union should be treated in the same way and should enjoy the same rights. Situations where passengers are treated in different ways must be avoided. The Working Party is furthermore of the view that the provisions of the Directive should be interpreted and implemented in a privacy-consistent way, in full compliance with data protection principles as laid down in Directive 95/46/EC, by respecting data protection as a fundamental right to be enjoyed by all individuals throughout the European Union. Bearing this objective in mind, the Working Party has found it appropriate to adopt some interpretive and implementing guidelines that may be of help to Member States in transposing the Directive as well as in developing the operational mechanisms. The Article 29 Working Party is well aware of the growing importance attached worldwide to the use of API (Advance Passenger Information) data for checking passengers. It also recalls its view expressed earlier 1 that it is necessary for the middlelong term to develop a more consistent approach towards the exchange of passenger data to ensure air traffic security, the fight against illegal immigration, and respect for human rights on a global level. 1 Opinion 5/2006 on the ruling by the European Court of Justice of 30 May 2006 in Joined Cases C- 317/04 and C-318/04 on the transmission of Passenger Name Records to the United States, WP122, 14 June 2006-2-

II - Specific Data Protection Guidelines 1) Purpose Limitation 1a) Purposes of the Processing: The purpose of data collection is clearly indicated in Article 1, paragraph 1 of the Directive: to improve border controls and combat illegal immigration. To that end, the competent national authorities may receive from carriers the data set out in Article 3, paragraph 2, of the Directive. The Working Party recalls that, in implementing the Directive, compliance with the purpose limitation principle is paramount. Therefore, the purposes of the processing in question must be clearly set out in national legislation and limited to what is set out in the aforementioned article of the Directive. 1b) Derogation for law enforcement purposes : Art. 6, paragraph 1, last sentence of the Directive provides that, as a derogation from the aforementioned principle, data may also be used for law enforcement purposes in accordance with the national laws of the Member States and in line with data protection provisions under Directive 95/46. Directive 2004/82, however, does not define law enforcement purposes. The Working Party considers it necessary for Member States to apply this derogation restrictively by clearly setting out the specific cases in which the data at issue may be used in law enforcement cases. In particular, the Working Party understands that such use may only take place for the investigation of serious crime, in specific cases and in the presence of specific data protection safeguards to prevent any misuse of the data. This is indispensable to ensure that data protection rights are also guaranteed when the data are used by other authorities than those for which they are primarily intended. 1c) Only EU-Bound Flights: It has also to be mentioned that the Directive covers only flights bound for a EU Member State (see Article 3, paragraph 1) and that it does not give Member States the right to request air carriers to collect and transmit advance passenger data regarding flights within the European Union. 2) Scope of Data Collection: Data Minimisation, Relevance, Non-Excessiveness 2a) Data Categories under the Directive: The Directive clearly sets out the scope of the data that may be communicated by air carriers to the competent national authorities for the purposes mentioned above (Article 3, paragraph 2). Such data should be regarded as necessary and sufficient in the light of the purposes of the Directive (improvement of border controls and fight against illegal immigration). 2b) Additional Obligations and/or Data Categories, Including Biometric Data: Recital 8 in the Directive indicates the Member States may be entitled to provide for additional data categories to be communicated by carriers, on request. Recital 9 refers to the possible inclusion of biometric features in the information to be provided by carriers, also based on technological innovation ; in this connection, it has to be noted that the Directive does not give any definition of biometric features and leaves it up to the requesting authorities to outline which biometric features should be transferred and when the requesting authorities consider such a transfer to be technically feasible. According to the Working Party, the collection of additional data elements, including data regarding the return tickets as mentioned in Recital 8, would be excessive in relation to the purposes being sought; the use of biometric -3-

data would be even more worrisome in the absence of clear-cut specifications concerning the purposes for which they should be collected and processed and the biometric features regarded as both necessary and proportionate for those purposes (see considerations on the processing of biometric data as made in documents WP80, WP96, and WP112). 2c) International Context and Sector-Specific Standards: Member States should also consider the scope of the data to be transmitted by carriers in the light of international standards set out by the relevant bodies such as the International Civil Aviation Organisation (ICAO), the World Customs Organisation (WCO) and the International Air Transport Association (IATA). These bodies have developed clearcut definitions of API data in order to achieve harmonised standards and uniform practices. Such standards were re-affirmed recently also by the European Civil Aviation Conference, which adopted on 8 April 2006 a statement of principles for API systems that Member States are invited to take into account when introducing an API system. In particular, it is clearly stated that API data consist of data found in the machine readable zone of the travel document. The Guidelines recommend that API data should not exceed those data indicated in the Guidelines. The Working Party would like to point out that Member States would be in breach of Directive 95/46 if they demanded all passenger data contained in the passenger name records (PNR) or the departure control lists of air carriers, since both by far exceed the data mentioned in the Guidelines and in other relevant international standards; additionally, it should be stressed that PNR data are not necessary for the purpose of border control. 3) Retention of the Data The Working Party would like to underline that, as specified in the Directive, the data received by border control authorities may be kept for longer than 24 hours only if needed for the purposes of the statutory functions of such authorities. However, the Directive does not specify for how long these data may be kept if forwarded to law enforcement authorities as per the derogation envisaged in Article 6, paragraph 1. As an exception to the rule that data should not be retained for longer than 24 hours, retention for a longer period should only be applied in specific cases, for example when the identity of travellers cannot be established or passengers do not have correct travel documents. Member States should provide that the data be not kept for longer than is absolutely necessary with regard to these specific purposes. 4) Information to Data Subjects Article 6, paragraph 2, of the Directive requires air carriers to inform passengers in accordance with Directive 95/46/EC. The Article 29 Working Party recalls in this connection that it adopted Opinion 97 on September 30, 2004 - regarding the information for passengers concerning the transfer of PNR data on flights between the European Union and the United States of America - and Opinion 100 dated November 25, 2004 regarding more harmonised information provisions. Both versions can serve as models to inform passengers in a comprehensive and conspicuous way. Air carriers are called upon to harness both versions with a view to being in full compliance with their obligations according to Directive 95/46/EC. Member States are called upon to ensure that passengers are also informed of possible onward transfers of their data to law -4-

enforcement authorities for the specific purposes set out in national law, in accordance with as harmonised an approach as possible. III - Conclusion The Article 29 Working Party fully supports the objective of curbing illegal immigration by improving checks on EU-bound flights as set out in Council Directive 2004/82/EC. However, the Working Party is keen to ensure that the transposition of this Directive into national law takes place in as harmonised and consistent a manner as possible by taking account of the data protection principles enshrined in Directive 95/46/EC which are expressly left unprejudiced by the Council Directive in question. For the above reason, the Working Party set out some implementing and interpretive guidelines in this Opinion in order to prevent diverging approaches by Member States that might result from the lack of clear-cut indications in some provisions of the Directive in question. The Working Party calls upon the legislatures of Member States and all competent national authorities to take account of these guidelines in developing and applying national legislation transposing the Directive. Done in Brussels, on 27 th September 2006 For the Working Party The Chairman Peter SCHAAR -5-

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback